Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker conventions and shenanigans at the start of July to the end of August both In Person & Digital! 2022 is a GIGANTIC year for hacker hysteria with so many events this will break the most guides we have ever written with the lucky number 13 as the goal. As more blog posts are uploaded, you will be able to jump through the guide via these links:
HACKER DOUBLE SUMMER — Part One: Surviving Las Vegas, New York & Virtually Anywhere
HACKER DOUBLE SUMMER — Part Two: Capture The Flags & MLH INIT Hackathon
HACKER DOUBLE SUMMER — Part Three: SummerC0n
HACKER DOUBLE SUMMER — Part Four: ToorCamp
HACKER DOUBLE SUMMER — Part Five: A New HOPE (HACKERS ON PLANET EARTH)
HACKER DOUBLE SUMMER — Part Six: SCaLE 19X
HACKER DOUBLE SUMMER — Part Seven: Back2Vegas by RingZero
HACKER DOUBLE SUMMER — Part Eight: BSides Las Vegas
HACKER DOUBLE SUMMER — Part Nine: Black Hat USA
HACKER DOUBLE SUMMER — Part Ten: The Diana Initiative
HACKER DOUBLE SUMMER — Part Eleven: USENIX + SOUPS
HACKER DOUBLE SUMMER — Part Twelve: DEFCON 30
HACKER DOUBLE SUMMER — Part Thirteen: Wiki World’s Fair
HACKER DOUBLE SUMMER — Part Fourteen: Blue Team Con
HACKER DOUBLE SUMMER — Part Fifteen: SIGS, EVENTS & PARTIES IN LAS VEGAS
What is a CTF (Capture The Flag)?
Capture the Flag (CTF) in computer security is an exercise in which “flags” are secretly hidden in purposefully-vulnerable programs or websites. Competitors steal flags either from other competitors (attack/defense-style CTFs) or from the organizers (jeopardy-style challenges).
Security CTFs are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world (i.e., bug bounty programs in professional settings).
Classic CTF activities include reverse-engineering, packet sniffing, protocol analysis, system administration, programming, cryptoanalysis, and writing exploits, among others.
This guide is only to cover in general CTF Challenges and hilight two indiependant ones happeing this year.
NOTE: We will sadly not cover Google CTF due to timing. We also will cover various minor CTF’s such as the ones in the DEF CON Villages in their respective sections.
Recommended OS Platforms:
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing that incorporates more than 300 penetration testing and security auditing pre-installed. Kali Linux is distributed in 32-bit and 64-bit images for use on hosts based on the x86 instruction set and as an image for the ARM architecture for use on the Asus Chromebook Flip C100P, BeagleBone Black, HP Chromebook, CubieBoard 2, CuBox, CuBox-i, Raspberry Pi, EfikaMX, Odroid U2, Odroid XU, Odroid XU3, Samsung Chromebook, Utilite Pro, Galaxy Note 10.1, and SS808.
Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
The most advanced Penetration Testing Distribution. Ever. Kali Linux is an open-source, Debian-based Linux distribution…
Kali Linux is also available on Windows 10, on top of Windows Subsystem for Linux (WSL). The official Kali distribution for Windows can be downloaded from the Microsoft Store:
Kali Linux in the Windows App Store | Kali Linux Blog
No, really…this isn't clickbait. For the past few weeks, we've been working with the Microsoft WSL team to get…
For select Android Phones, you can run a derivative called Kali NetHunter. It includes a dedicated NetHunter App with a full Kali Linux toolset providing a touch screen optimized GUI for common attack categories, a custom kernel that supports 802.11 wireless injection with Software Defined Radio support and preconfigured connect back VPN services:
Kali NetHunter | Kali Linux Documentation
Kali NetHunter is available for un-rooted devices (NetHunter Rootless), for rooted devices that have a custom recovery…
Parrot OS is a GNU/Linux distribution based on Debian’s testing branch (Bullseye) and a Linux 5.4 kernel with a focus on security, privacy, and development. It provides a suite of penetration testing tools to be used for attack mitigation, security research, forensics, and vulnerability assessment. The OS is certified to run on devices which have a minimum of 256MB of RAM and it is suitable for both 32-bit (i386) and 64-bit (amd64) processor architectures. In addition, the project is available for ARMv7 (armhf) architectures available for Raspberry Pi devices. The desktop environments are MATE and KDE.
The operating system for | The ultimate framework for your Cyber Security operations What's new in ParrotOS 5.0 Electro…
You have two options for Fedora. First is Fedora Security Lab which provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations. It comes with the clean and fast Xfce Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system.
The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and…
Network Security Toolkit (NST) is a bootable live CD based on the Fedora distribution. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools.
Network Security Toolkit (NST 34)
Network Security Toolkit (NST 34 ) Welcome to the Network Security Toolkit (NST ). This bootableISO live USB Flash…
Pentoo, based on Gentoo Linux, is a Live CD and Live USB designed for penetration testing and security assessment. Pentoo is provided both as 32 and 64 bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches — with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available. Tools are installed with versioned ebuilds and open-ended ebuilds, making it possible to pull in the latest subversions and still have installs tracked by package management.
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux…
BlackArch is an open-source distro and penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools, created specially for penetration testers and security researchers. The repository contains more than 2400 tools that can be installed individually or in groups. BlackArch Linux is compatible with existing Arch Linux installs.
BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security…
PentestBox is an Open Source, Pre-Configured Portable Penetration Testing Environment for the Windows Operating System. It provides all the security tools as a software package and lets you run them natively on Windows. This effectively eliminates the requirement of virtual machines or dualboot environments on windows. All the dependencies required by tools are inside PentestBox, so you can even run PentestBox on freshly installed windows without any hassle. PentestBox is entirely portable, so now you can carry your own Penetration Testing Environment on a USB stick. It supports both 32-bit and 64-bit systems.
PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System
Apple iMac machines run a POSIX compliant UNIX variant, and the hardware is essentially the same as what you would find in a high-end PC. This means that most hacking tools run on the Mac operating system. A properly set up Apple machine can do quite a bit of heavy lifting.
Mac for Hackers: How to Organize Your Tools by Pentest Stages
With all of the bare-bones setup out of the way in our Mac for Hackers series, your Apple machine should be ready to…
SecBSD Tool List is based off the long running SecBSD Project. SecBSD is an UNIX-like operating system focused on computer security OpenBSD-based. A BSD enviroment for security researchers, pentesters, bug hunters & cybersecurity experts. While the project is in a questionable limbo, for those running OpenBSD you can use their Tool List as a refrence guide to import and config your instance to be a pentesting platform.
Open source volunteer project to develop security focused UNIX-like operating system based upon OpenBSD for security…
- NMAP : Nmap is a free tool for network discovery and security auditing. It can be used for host discover, open ports, running services, OS details, etc. Nmap send specially crafted packet and analyzes the response. Download NMAP
- Wireshark : Wireshark is a free open source network protocol and packet analyzer. It allows us to monitor the entire network traffic by putting network interface into promiscuous mode. Download Wireshark
- PuTTY : PuTTY is a free and open source SSH and telnet client. It is used for remote access to another computer. Download Putty
- SQLmap : SQLmap is a free and open source tool mainly used for detecting and exploiting SQL injection issues in the application. It has options for hacking the vulnerable database as well. SQLmap can be downloaded from http://sqlmap.org/
- Metasploit Framework : Metasploit is a popular hacking and pentesting framework. It is developed by Rapid7 and used by every pentester and ethical hacker. It is used to execute exploit code against vulnerable target machine. Metasploit Download
- Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. It has multiple tools integrate in it. Two main tools in free version are Spider and Intruder. Spider is used to crawl the pages of the application and Intruder is used to perform automated attacks on the web application. Burp Has professional version in which there is a additional tool present called Burp Scanner to scan the applications for the vulnerabilities. Download Burp Suite
- OWASP Zed Attack Proxy : OWASP zap is one of the OWASP project. It is a penetration testing tool for web applications having similar features of Burp Suite. It has automated scanner to discover the vulnerabilities in application. Additional feature include spider for Ajax based application. OWASP zap can be used as a intercepting proxy also. OWASP zap Download
- Nessus : Nessus is a Vulnerability, configuration, and compliance assessment tool. It has free and paid version. Free version is for personal use. It uses the plugins for scanning. Simply feed the IP address of the target machine and run the scan. There is an option to download the detailed report as well. Nessus can be downloaded from http://www.tenable.com/products/nessus
- Nikto : Nikto is a open source Web server vulnerability scanner. It detects the outdated installation of software and configuration, potentially dangerous files/CGIs, etc. It has a feature of report creation as well. Nikto can be downloaded from http://www.cirt.net/nikto2
- John the Ripper : It is a password cracking pen testing tool and commonly used to perform dictionary based brute force attack. John the Ripper can be downloaded from http://www.openwall.com/john/
- Hydra : Another password cracker similar to John the Ripper. Hydra is a fast network logon cracker. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Hydra can be downloaded from https://www.thc.org/thc-hydra/
- w3af : w3af is a Web Application Attack and Audit Framework.Some of its features include fast HTTP requests, integration of web and proxy servers into the code, injecting payloads into various kinds of HTTP requests, etc. It has a command-line interface and works on Linux, Apple Mac OS X, and Microsoft Windows. All versions are free of charge to download. w3af can be downloaded from http://www.wtcs.org/snmp4tpc/getif.htm
- bettercap: A powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution for hacking WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks. It includes powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer coupled with a very fast port scanner and an easy to use web user interface. bettercap can be downloaded from https://www.bettercap.org/
HACKER SUMMER CAMP 2022 CTF HIGHLIGHTS
DEF CON 30 Capture The Flag
After a spectacular run by the Order of the Overflow, the Nautilus Institute is looking forward to bringing you the future of DEF CON CTF: three days of attack-defense action with sixteen of the best hacking teams in the world. Our teams will be reverse engineering, pwning, and pushing other hackers off their boxes in a head to head computing competition to directly demonstrate effective exploitation for the future.
How to Qualify
DEF CON CTF is a popular contest. Over 1200 teams played in DEF CON CTF Qualifiers in May, with over 200 solving two or more challenges. We qualified the top team from last year’s finals game, Katzebin, and fifteen of the top quals teams. Our competitors hacked their way through an ARM trustzone applet, dug deep into the Missouri Encryption Standard (base64, of course), and pieced together a flag by reverse engineering 24315 binaries for 16 different architectures.
Interested in bringing a team to DEF CON 31? Study up on previous DEF CON CTF challenges, perfect your techniques, and stay tuned for news about how to qualify for the 2023 contest.
Visit the CTF room to take in the ambience of the contest. CTF is a marathon, not a sprint, so the vibes in the room may shift as the contest progresses through Sunday.
Enjoy yourself, learn about the game, but please be respectful! The competitors have worked very hard to qualify, and distractions may not be appreciated.
If you have questions about CTF, members of the Nautilus Institute can probably help you with answers!
We’re excited to be making the world of DEF CON CTF a better place. As we grow, we hope to allow more disciplines to flex at CTF, and we hope you’ll be a part of that. Thank you to the CTF and DEF CON communities for this incredible opportunity, and we hope to build a brighter future for you all to break.
Game schedule, scores, blog: https://nautilus.institute
Announcements and News: https://twitter.com/nautilus_ctf
Global Cyber Games Charity Battle 2022
Location: HyperX eSports Arena (Luxor Hotel & Casino, Luxor Dr, Las Vegas, NV 89119)
Date & Time: August 11, 2022 | 12 PM–10 PM PT
Welcome to the BIG LEAGUES! If you are attending Hacker Summer Camp in Las Vegas, get you start before DEF CON at this Cyber Games broadcasted on stage like it’s the EVO Grand Finals! Huge stage, tough as GNUHurd teams, flashy lights! This is an event reguardless if you are participating or spectating you DON’T want to miss out on!
- Each registered team plays for their chosen charity.
- Teams compete in a King-of-the-Hill-style competition on the SimSpace platform (3 teams per 2-hour session).
- The top three teams play in a final competition to determine 1st, 2nd, and 3rd place cash awards for their charity.
This King-of-the-Hill game, provided by SimSpace, is designed to equally test attack and defend skills of each team.
Teams are scored based on their responses to the threats. Possible scoring metrics include, but are not limited to:
- Detection of IoCs or artifacts
- Mitigation of vulnerabilities
- Intrusion response
- Restoration of service
- Restoration of device
- Removal of artifacts
As a member of the audience, you have a front-row seat to watch the teams compete in a king-of-hill competition and cheer on your favorites. All for FREE.
- Audience members receive:
- Access to the arena where all of the action is taking place
- Opportunity to cheer on your favorite charity team
- Opportunity to purchase drinks to help raise money for your team’s charity
- Incredible networking with other attendees
OPERATION: RED TEAM CTF
Black Hat USA | August 10th-11th | 2nd Floor | Breakers E
Join us in-person at Black Hat USA for Operation: Red Team, a high-stakes game of capture the flag that puts your skills to the test. Learn while you play, using offensive strategies to outsmart your adversaries and improve your cyber defense skills.
Trend Micro Operation: Red Team Challenge at Black Hat USA
Join us in-person at Black Hat USA for Operation: Red Team, a high-stakes game of capture the flag that puts your…
Prizes up for grabs include Sony noise-cancelling headphones, a Prusa i3 MK3S+ 3D printer kit, a Onewheel electric skateboard, and MORE.
Play to win and see what it takes to:
- Identify weaknesses and risks in your security posture
- Bolster your own cyber defenses
- Proactively manage risk, eliminate blind spots, and reduce exposure
About the Operation
We’re hosting three challenges per day on Aug. 10 and 11, beginning at 11 a.m. and running until 6:30 p.m. PDT. Each challenge will take no more than 1.5 hours to complete.
A laptop and some knowledge of Linux are required to compete in the challenge.
The journey home to DEFCON 30 for each of us is absolutely unique and special. Whether you grew up alongside the digital world, or you found a mirror to your feelings in cinema, television and music, or your passion for learning and curiously brought you to read every line of a novel, story, chat or blog post, we all share that HACKER spirit. What is a HACKER? Who is a HACKER? Am I a HACKER? Our hope is not draw lines, and barriers in defining HACKER, rather to remind us that HACKER is a culture, a feeling, a love and passion to explore and challenge ourselves. In simplest terms a HACKER can be seen as a solver of quests. As this our 30th year we reflect on our roots, where we have come, and what our future holds. But as with all things to a HACKER, another quest we will embark on, another puzzle to solve and another story to tell. With this preamble we invite you to play along with us our very unofficial DEFCON 30 LINECON CTF!
Last Minute CTF
The Last Minute Capture the Flag [CTF] event is back for another year during Blue Team Con. We’re looking to bring another beginner-friendly CTF competition. As we were happy to announce last time around, this was originally a very last minute thing. This time, not quite so late, but still pretty last minute. However we aim to provide continue to provide a fun game via a unique learning experience. As this is being run at Blue Team Con, all of the puzzles and challenges will be related as best we can to defensive cybersecurity topics.
Our goal is to create somewhat friendly introduction to CTF-style challenges and being very accessible to users of all skill levels. We have reworked and rebuilt how we want to start the competition in effort to help show newer CTF players a bit of what we have going on. To this end, the competition requires you to complete two introductory challenges that walk you through some important information and will hopefully help get you into the spirit of the competition. Remember, we want you to learn, we just might not make everything too easy…
However, a big difference that we can impart on this competition compared to other competitions, as we did last year, is that the Last Minute CTF wants to see you document your work and provide write-ups for each of the challenges. This is totally not because we’re doing this at the last minute and don’t want to do it ourselves… However, half of the available points will come directly from these write-ups. While documentation is not something for everyone, it is a highly desirable skill to have and use in any day-to-day operation and who knows, we may even feature your write-up and tell everyone how awesome you did the thing.
The competition homepage will go live for player signups (and to allow people early access to complete the introduction) when registration opens on Friday, August 26th, at 6:00pm CDT.
The rest of the challenges and the competition will begin Saturday, August 27th, at 10:30am CDT until Sunday, August 28th, at 1:00pm CDT.
Help and Assistance:
- Join the Blue Team Con Discord and then the #ctf channel
- Stop by the CTF Room during Admin Availability Hours* for Assistance
- Saturday, August 27th: 10:30am to 5:00pm
- Sunday, August 28th: 10:00am to 1:00pm
- These hours are subject to change.
Date & Time: July 15th 10:00 AM — July 16th 10:00 AM
Crypto CTF is an online competition for hackers to test, evaluate, and expand their cryptography exploiting skills.
In this CTF, we will provide various crypto challenges regarding modern cryptography techniques.
All crypto lovers are most welcome!
Crypto CTF is a revenge for everlasting complaints by CTF participants about crypto challenges in CTF contests. In this brand-new tournament, we are trying to provide the crypto lovers with fun and challenging pure crypto tasks to squeeze their heart and test their passion for cryptography.
Each task will be based on a particular cryptographic primitive, or it will include a direct application of cryptography in other fields.
The organizers of these tournaments generously offer their skills’ knowledge to design original Crypto tasks and challenges for similar contests.
Long Live Crypto :)
Date & Time (EST): July 15th 4:00 PM — July 18th 4:00 PM
ImaginaryCTF is back, with a new CTF for 2022! All skill levels welcome to participate. It runs from July 15 to July 18, starting and ending at 8 PM UTC. In the competition, teams will be challenged to hack websites and servers, crack codes, and recover information through challenges in cryptography, binary exploitation, web exploitation, forensics, reversing, and more. We hope you will have fun and learn something new! Join our discord server to receive updates: https://discord.gg/bb4r5DgGnC
Note: Unlike last year, there is no limit on team size.
Virtual Event, August 6–7, 2022
WHAT IS HACK@SEC?
HACK@SEC is a competition, coincides with the USENIX Security conference, for penetration testing of the hardware and firmware. In this competition, participants compete to identify the security vulnerabilities, implement the related exploit, propose a mitigation technique or a patch, and report them. The participants are encouraged to use any tools and techniques with a focus on the exploitation of the bugs.
This year, we together develop practical and effective solutions and computer-aided tools to identify the vulnerabilities more efficiently in buggy SoC, with a special focus on exploitation.
The teams will be provided an SoC including a set of bugs and will compete in a live capture-the-flag competition. They will need to apply their techniques and developed tools to detect and exploit as many vulnerabilities in a limited time-frame.
Pros VS Joes CTF
Location: BSides Las Vegas
The Pros V Joes CTF is an event where the average Joe can have a chance to defend along with Professionals in the field, to learn from them while having fun. The game consists of live combat, with each team of Joes defending a network from a Red Cell of professional hackers. Each team of Joes will be lead by a Pro Captain (PvJ Staff) and Pro co-Captain. These fine folks will help train and prepare their Joes, supporting them throughout the two days of carnage and mayhem.
Apply to be a Pro or a Joe or check out our sponsorship opportunities.
As in the past, this game is designed to give regular Joes their first taste of live-fire security, where they have to defend networks against Professionals who know how to break in.
For the Pros, this is a chance to flex your muscles, showing how good you are against live threats. Or, if we accept you to our Red Team to play with our PvJ Staffers, it’s a chance to show your skills in pwning all the things. For both colors of Pro, Red and Blue, it is a chance to lend your experience to help others improve their game.
The environment to host this CTF is laced with various surprises to keep the game interesting. The networks that the Blue Teams must defend will be a mix of Windows and Linux, with the typical Internet services (web, DNS, mail, etc) and a mix of obscure systems and services.
For more information for both Pros AND Joes head over to http://prosversusjoes.net. Also, watch for tweets from @dichotomy1, our Red Blue and Gold teams, or any of the rest of the PvJ Staff.
FAUST CTF 2022
Date & Time (EST): July 9th 8:00 AM — 5:00 PM
FAUST CTF is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg.
Once again, the competition will work in classic attack-defense fashion. Each team will be given a Vulnbox image to host itself and VPN access. You will run exploits against other teams, capture flags and submit them to our server.
The vulnbox decryption password will be released at 2022–07–09 12:00 UTC. The actual competition will start at 13:00 UTC and run for eight hours.
Thanks to our sponsors, we can again provide nice prize money:
- First place: 1024 €
- Second place: 512 €
- Third place: 256 €
Additionally, for each service the first team to exploit it, submit a valid flag and provide a write-up will win 64 €.
Please check our rules page for information on payout restrictions.
Testing Vulnbox images are available. On first login, the Vulnbox will ask you for some information and configure itself properly. You can log in as root using any of the following ways:
- Use SSH with the generated random password (may need port forwarding, for the NAT Network)
- Connect to the serial port of the VM (may need configuration)
- Use the graphical console of your virtualization software — not recommended if you want to deploy SSH-Keys or configure VPN.
- When hosting on a cloud provider, chances are that you can enter your SSH-Key when creating the VM (cloud-init is installed).
If you run into problems with the setup, try our suggestions from Basic Vulnbox hosting.
We provide two options for download:
- An OVA bundle tested with VirtualBox
- A QCOW2 image tested with libvirt/KVM
To verify the integrity of your download, you may check the SHA512 sums.
Both images are identical, so use the one that fits your needs. The serivces inside are located in `/srv` and are encrypted with the password
To decrypt and start them, use the command
Note: Testbox and Vulnbox can not be connected to the game VPN at the same time, so make sure to shutdown the Testbox when the real Vulnbox is released.
This year’s website is online and the registration is open. The CTF is already around the corner, so make sure to sign up now.
A New HOPE Capture the Flag
DiceCTF — Come participate in a capture-the-flag competition organized by
DiceGang! Open to all skill levels; challenges will range from easy to hard.
Learn the basics of binary exploitation, reverse engineering, web hacking, and
cryptography with some hands-on challenges. Team up with friends to compete for
The competition will run throughout the conference and you can
participate in-person or online.
Capture the Flag A New Hope (2022)
DiceCTF - Come participate in a capture-the-flag competition organized by DiceGang! Open to all skill levels…
The Diana Initiative
Capture The Flag Village - The Diana Initiative
Welcome to the Capture the Flag (CTF) Village 2022 HOURS: The game will run July 16, 2022 - 9:30am - 5:30pm pacific…
Virtual Event CTF
HOURS: The game will run July 16, 2022–9:30am — 5:30pm pacific.
Our Virtual event CTF is brought to you by Just Hacking Games CTF
They have lots to offer players of all backgrounds and levels!
The CTF is password-protected, once you have your ticket you will be invited to our discord and the password will be available once the game starts.
The CTF can be played as a team or an individual.
There will be prizes to be won for the top 3 teams, donated by our wonderful sponsors!
Virtual CTF Committee
Chair: John Hammond
Co-Chair: Caleb Stewart
10 ebook vouchers
Hybrid (In-Person and online) CTF
Hours: 9a-5p August 10, 9a-4p August 11
Our Hybrid event CTF is brought to you by Carnegie Mellon University (CMU) and is hosted on picoCTF
They have lots to offer players of all backgrounds and levels!
The CTF is password-protected, you will need to stop in the CTF room to get the password once the game starts.
The game will run for both days August 10–11, 2022 (times still TBD).
The CTF can be played as a team or an individual. Teams can be up to three members.
There will be prizes to be won for the top 3 teams, donated by our wonderful sponsors!
There will be NO WiFi at the event, so be sure to bring a compatible device or a ethernet (cat5) adapter.
Virtual CTF Committee
Chair: Hanan Hibshi
Student Leads: Yuwei Li , Suma Thota, Palash Oswal
Student CTF Staffers: Asparsh Kumar
Challenge Team: TBD
1 Year VIP+
3 Month Prolab
3 Month VIP
1 Month VIP+
500 Academy Cubes
HACKY HOLIDAYS: UNLOCK THE CITY CTF
Date & Time (EST): July 8th 6:00 AM — July 26th 6:00 AM
Hacky Holidays (Unlock the City edition) is a jeopardy CTF hosted on the Deloitte Hackazon platform, where you can test and improve your skills with all sorts of challenges (technical puzzles) related to cyber security and emerging technologies.
You’ve been officially chosen to compete in UNLOCK THE CITY from July 8. till July 26.
Help! The smart city is in trouble. An A.I. algorithm went rogue in the once so peaceful, intelligent city. It’s chaos out there.
To regain control and restore peace, we need a group of talented hackers. Each hacker or hacking team will unlock the city in phases by solving a set of challenges in four city districts. The city council has announced that the event’s winner will be appointed “Mayor” of the City to sweeten the deal. Additionally, the best hacker in a particular district will become the “Sheriff” for that district.
Can we count on you to unlock the city?
What is in it for me
First of all, you will learn a lot about the various cyber security topics introduced in the game, but that is not all! You can also win a prize for creating a writeup or solving the most challenges. The winners will be announced on August 2rd on the Hacky Holidays website.
Top 3 student teams
- 🏆 1st place: 1337 USD
- 🏆 2nd place: 777 USD
- 🏆 3rd place 337 USD
* Each member of a student team must sign up as a student and be able to provide evidence of being a student.
Top 3 non-student teams
🏆 The members of the top 3 non-student teams are awarded a 50 USD voucher which you can spend at the M5STACK webshop for your IoT hobby projects!
Best 10 writeups
🏆 We invite everyone who solved a challenge to write a creative and detailed writeup on how you solved the challenge. You must publish the writeup after the game has ended in order not to spoil the solution to anyone else in the competition (starting July 27th). Out of those writeups we will select the best 10 write-ups that will be rewarded with a 50 USD voucher which you can spend at the M5STACK webshop for your IoT hobby projects! You can participate by submitting (a link to) your writeup to firstname.lastname@example.org until August 1st, 2022.
Best 3 video-writeups
🏆 We invite everyone who solved a challenge to (screen-)record a creative and detailed video-writeup on how you solved the challenge. You must publish the writeup after the game has ended in order not to spoil the solution to anyone else in the competition (starting July 27th). The write-up must be published on a publicly available platform. Out of those writeups we will select the best 3 write-ups that will be rewarded with a 50 USD voucher which you can spend at the M5STACK webshop for your IoT hobby projects! If you submit your video you also make a chance that your video write-up will be used in the aftermovie! You can participate by submitting (a link to) your video-writeup to email@example.com until August 1st, 2022.
Note: Deloitte employees can play in the event but are excluded from winning a prize. The top X players refers to the entries on the scoreboard and is based on the total score of the team and the time of flag submissions. Participants can win a maximum of 2 vouchers by participating in Hacky Holidays.
Hackazon by Deloitte
Hackazon is a platform developed by Deloitte that allows students and professionals to constantly refresh and improve their technical cyber skills based on the latest developments in cyber security. The Hackazon platform covers a broad range of cyber topics through challenge-based activities. The challenge materials are perfect for cyber students, developers, IT engineers, incident responders, security analysts and penetration testers but also has material to improve the security awareness for anyone without a technical focus.
MHL (MAJOR HACKING LEAGUE) GLOBAL HACK WEEK: INIT HACKATHON
Date & Time (EST): July 3th — July 10th
WHAT IS MLH INIT?
INIT is a celebration for the start of the 2023 Hackathon Season! You can expect to complete challenges, hear about BIG community announcements, chat at hacker hangouts, enjoy fun live sessions, build technical projects, and make new memories.
WHO ATTENDS MLH INIT?
Global Hack Week: INIT is attended by hackers from all over the globe. Whether this is your first time coding or you’re a seasoned expert, we will have events here for you. Our last Global Hack Week included hackers from over 90 countries around the world! If you’re a first-time hacker, there will be beginner-focused activities for you.
- Complete MHL Swag form — hackp.ac/INITSwag
- Update Your Address — hackp.ac/Address
- Join Discord & Guild — discord.mlh.io
Week-Long: Check In
Day 6: Check In|Devpost Coming Soon|Form Coming Soon
Day 7: Check In|Devpost Coming Soon|Form Coming Soon
We know what you’re excited for at Global Hack Week: INIT 2023. We’ve got some awesome stickers and swag ready to go for every participant. It’s simpler than ever for you to earn your swag.
After you’ve completed our registration challenges, you’ll have earned yourself:
— An MLH Sticker
— A Season Mascot Sticker
— An GHW: INIT Hexagon Sticker
— A Thank You Postcard
Check in each day and attend at least 3 live sessions to earn:
— A super secret set of bonus stickers!
If you still want more swag:
-After each live session we will raffle off a ticket that you can redeem for MLH tees and other swag later this season
One of the best parts of our community is that it allows people to meet and make connections with others, regardless of where you live. Form a guild of hackers grow your community.
Remember, sharing is caring — so use these to share the excitement with your local community, friends, and classmates!
Form a Guild — hackp.ac/guild
Join a Guild — discord.mlh.io
Challenges & Points
Earn experience points for yourself by completing our challenges throughout GHW: INIT. Challenges aren’t the only way to earn points. You can also receive a point each time you check in for a live session, so the more you attend, the more points you’ll rack up. They can be as simple as posting on your social media or as advanced as building a project and creating a full demo video for it. We’ll leave it to you to choose which challenges you want to take on. Feel free to work collaboratively with others on these.
At GHW: INIT we will have plenty of challenges to keep you busy. Challenges will range from social challenges urging you to connect with other members of the community, technical challenges that will expand your coding skills, and design challenges to refine your skills as a creator and artist. Some of these challenges will be completed live on our twitch stream, so you can follow along and complete it with the community. We cannot wait to see all that you learn, build, and share.